Sponsor

In the past I’ve published articles on how to do a benchmark with namebench to see what’s the fastest DNS server for you and how to crypt your DNS traffic if you use Opendns but I’ve never done a comprehensive guide of the command dig, probably the best command you can have on the command line to query a DNS server, so today I want to show you the basic usage of this command and some trick, using examples that you can re-use for your goals.

But as first thing, probably every reader know what’s a DNS server, but anyway it’s better to take the good definition from Wikipedia:

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide.

So let’s see how we can query a DNS server o get all the info we need.

OpenDNS is a popular DNS provider used widely both in the server as in home desktop, one of the feature they provide to their customer is DNSCrypt, a security enhancement that should add protection against all DNS based attacks, such as cache poisoning.

In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between OpenDNS customers and their DNS servers. The software is released as open source on GitHub.

At the moment this solution only works in conjunction with OpenDNS, which means that you need to change your computer’s DNS provider to OpenDNS to make use of the this security feature, that’s their business after all.